What is claimed is: 



1 . A method for authenticating a roaming device with a network, comprising the steps of: 
generating, by an authentication server of the network, authentication data associated with 

the roaming device; 

sending the authentication data to access points of the network, the access points being 
connected to the authentication server; and 

when the roaming device roams to a particular access point of the access points, using the 
authentication data to locally authenticate the roaming device at the particular access point. 

2. The method according to claim 1, further comprising the step of: 

storing the authentication data in a memory arrangement of each of the access points. 

3. The method according to claim 1, wherein the sending step includes the substeps of: 
encrypting the authentication data; and 

sending the encrypted authentication data to selected access points of the access points. 

4. The method according to claim 3, wherein the sending step includes the substeps of: 
determining at least one access point of the access points where the roaming device is 

likely to roam; and 

sending the encrypted authentication data to the at least one access point. 

5. The method according to claim 3, wherein the sending step includes the substep of 
sending the encrypted authentication data to all the access points. 

6. The method according to claim 1, further comprising the preliminary steps of: 
determining if the particular access point has authentication data associated with the 

roaming device; 

if the determination is positive, proceed to the step of using the authentication data to 
locally authenticate the roaming device at the particular access point; and 
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if the determination is negative, proceed to the step of generating, by an authentication 
server of the network, authentication data associated with the roaming device. 

7. The method according to claim 6, wherein the step of using the authentication 
data to locally authenticate the roaming device further comprises reassociating the roaming 
device with the particular access point of the access points by exchanging identification 
information. 

8. The method according to claim 7, wherein the reassociating step further includes the 
substeps of : 

searching a memory arrangement of the particular access point for the authentication data 
associated with the roaming device; and 

if the authentication data is found, performing a mutual authentication procedure between 
the roaming device and the particular access point. 

9. The method according to claim 1, wherein the generating step further includes 
the steps of: 

receiving an encrypted authentication request from the roaming device; 
determining that the roaming device can be granted access to network services; and 
generating an encrypted session key associated with the roaming device in the 
authentication server. 



10. A method for authenticating a roaming device with a network, comprising the steps of: 
connecting the roaming device with an authentication server upon a contact of the 

roaming device with a first access point of the network; 

authenticating the roaming device with the authentication server; 
generating authentication data for the roaming device; 

distributing the authentication data to the first access point and a second access point of 
the network; and 
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locally authenticating the roaming device upon a contact with the second access point 
using the distributed authentication data. 

11. The method according to claim 10, further comprising the step of: 
authenticating the roaming device with the authentication server if the local 

authentication of the roaming device fails. 

12. The method according to claim 10, wherein the distributing step further includes the 
substep of: 

distributing an encrypted session key to the first and second access points. 

13. The method according to claim 10, wherein the locally authenticating step further 
includes the substeps of: 

exchanging identification data between the roaming device and the second access point; 

and 

correlating the identification data with the distributed authentication data. 

14. The method according to claim 10, further comprising the step of: 

establishing a shared secret encryption between the authentication server and the first and 
second access points. 

15. The method according to claim 10, wherein the authentication server is a remote 
authentication dial-in user server. 

16. A system for authenticating a roaming device with a network, comprising: 
an authentication server connected to the network; and 

first and second access points connected to the authentication server, the first and second 
access points being capable of communicating with the roaming device, each of the first and 




Page 13 



# • '"^ 

second access points including a memory arrangement capable of storing authentication data 
corresponding to the roaming device, 

wherein the authentication server sends the authentication data to the first and second 
access points upon an initial authentication procedure of the roaming device w^ith the first access 
point, and 

wherein the second access point locally authenticates the roaming device upon a contact 
of the roaming device with the second access point. 

17. The system according to claim 16, wherein the second access point authenticates the 
roaming device with the authentication server if the authentication data is not found in the 
memory arrangement of the second access point. 

18. The system according to claim 16, wherein the second access point authenticates the 
roaming device with the authentication server if the local authentication of the roaming 
device at the second access point fails. 

19. A method for authenticating a roaming device with a network, comprising the 
steps of: 

with an authentication server, receiving an authentication request from a roaming device, 
the request being encrypted with a first shared code; 

with the authentication server, generating a session key associated with the roaming 

device; 

sending the session key to an access point of the network, the session key being encrypted 
with a second shared code; and 

utilizing the session key to authenticate the roaming device at the access point, and to 
encrypt data exchanged between the roaming device and the access point. 

20. The method according to claim 19, fiirther comprising the step of: 

sending the encrypted session key to a further access point of the network to authenticate 
the roaming device at the further access point. 
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21. The method according to claim 19, further comprising the steps of: 

generating a first key of the session key to perform authentication of the roaming device 

at the access point; and 

generating a second key of the session key to encrypt data exchanges between the 

roaming device and the access point, the second key being different from the first key. 
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